Help Universe


SSO & AD integration.

In this guide you will get an overview on how the AD Integration & SSO with ITBIaaS is set up including the openID coonect authorization code flow and the IdP requirements.

OpenID Connect Authorization Code Flow

IdP Requirements

IdP Discovery Document (Well-Known Configuration)

  • Discovery URL (Usually ‘/.well-known/openid-configuration’) (provided by IdP)

Client Registration Details

  • Client ID: Unique identifier for the Relying Party (provided by IdP)
  • Client Secret: Secret known only by the Relying Party and IdP (provided by IdP)
  • Redirect URIs: Allow Relying Party Callback URL (Allow by IdP)

Supported Scopes

  • ‘openid’, ‘profile’, ’email’

Claim/Attribute Mapping

  • What claims will be included from the IdP in the ID token (e.g., ‘sub’, ‘name’, ’email’)

Token Audience Restriction

  • IdP can optionally provide a ‘aud’ claim to be used by RP


Next step

Please contact for callback URL and further instructions on how to test the flow.

Contact support.

If you have any questions, difficulties, or suggestions please write to our support channel by filling out the form.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.